This might be the only trick I'll write down, perhaps it'll actually be a series of tiny things I find useable when working with git.
All of theese will probably assume some basic knowledge of how git actually works and possible also assume some level of experience. It will mostly be things that aid me in my day to day use of git.
Right, enough chitter, I had a problem I wanted to solve. (Isn't that how it always starts?)
I wanted to be able to from any host, clone a repository with a little configuration as possible, and be able to pull from this repository later on, without having to know how to write to the repository.
At the same time, I need to be able to from any host, push to the repository authenticated and as secure as possible.
So how to go about this.
It seemed natural that the way the pull/clone should take place was with a ssh-key, I realised this would have to be done with a dedicated key that could actually be transported with the repository. This makes it necessary for the first initial pull of the repository will have me reset the rights on the ssh-key file back to 0600, or ssh will complain and refuse to use the key.
I also had to upload the key by "some magic" and use that for the first pull. This seemed to make sense. I choose to do it using ansible and recipe containing among other stuff, the following relevant snippets from the ansible playbook.
- name: create ~/TEMPORARYKEY
copy: src=TEMPORARYKEY dest=~/TEMPORARYKEY force=yes mode=0600
- name: ensure rights on readonlykey
file: path=~/TEMPORARYKEY mode=0600
- name: create .ssh dir
file: path=~/.ssh state=directory mode=0700
- name: create ~/TEMPORARYSSHCONFIG
copy: src=TEMPORARYSSHCONFIG dest=~/.ssh/config force=yes mode=0600
- name: clone repository
git: repo=sshROkey:GIT/repository dest=~/repository
And the special bit there is the ssh-config that has a section similar to
Host sshROkey
HostName git-ssh-master.example.com
User myuser
IdentityFile ~/TEMPORARYKEY
That glues together the whole reading of a repository quite nicely, now comes the question of writing to it. I found a good hint at stackoverflow but I can't remember where it was. The trick is to use set-url after the repository has been cloned.
In general, git remote set-url origin [URL] can be used to change the
url, but the following two lines can do the "magic trick" I really want
done.
$ git remote set-url origin sshROkey:GIT/repository
$ git remote set-url origin --push git-ssh-master.example.com:GIT/repository
That will quite nicely use two different ways of authentication for two different purposes on one repository.
As a tiny addendum, changing this in a repository can also be done in a different, perhaps more crude/elegant way, depending on your point of view.
First, raw editing on the .git/config file, you're looking for the block that looks like
[remote "origin"]
url = git-ssh-master.example.com:GIT/repository
fetch = +refs/heads/*:refs/remotes/origin/*`
That will end up looking like
[remote "origin"]
fetch = +refs/heads/*:refs/remotes/origin/*
url = sshROkey:GIT/repository
pushurl = git-ssh-master.example.com:GIT/repository
Change can either be done with editing the .git/config or by something similar to
$ git config --local --unset-all remote.origin.url
$ git config --local --unset-all remote.origin.pushurl
$ git config --local --add remote.origin.url sshROkey:GIT/repository
$ git config --local --add remote.origin.pushurl git-ssh-master.example.com:GIT/repository
For a bit of a fun mix of the two, the --local can be replaced with
-f .git/config to edit the specific file.
Comments
comments powered by Disqus